https://github.com/jonluca/blackboard-clone

Phishing clone for Blackboard
https://github.com/jonluca/blackboard-clone

Last synced: 5 months ago
JSON representation

Phishing clone for Blackboard

• Host: GitHub
• URL: https://github.com/jonluca/blackboard-clone
• Owner: jonluca
• Created: 2017-10-06T01:50:13.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2022-12-09T04:52:57.000Z (over 3 years ago)
• Last Synced: 2025-02-12T23:38:50.674Z (over 1 year ago)
• Language: JavaScript
• Size: 1.76 MB
• Stars: 1
• Watchers: 3
• Forks: 2
• Open Issues: 10
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# USC BlackBoard Clone

The live site used to be here. The domain has since expired, but you can view it by running it locally using the source code provided in this repo.

## About

This is a proof of concept to illustrate how easy it is to create a phishing site that is somewhat believable. This site was created for ITP 325, Ethical Hacking and System Defense.

There is an overlay on the live site saying that it is not the real BlackBoard, with a link to this GitHub. 

## Stack

The original blackboard site was cloned utilizing HTTrack. I use a simple node/express backend to serve the files. 

Matching the suburls and routes was trivial, as we only care about the credential post request from the fake USC login. 

We do verification using puppeteer, a headless browser developed by the Chromium team. This checks the credentials to make sure they are valid, and returns the appropriate message. If they are valid, it redirects the user to the real USC login.

The SSL certificate was signed by Lets Encrypt. This provides the green checkmark in browsers (although not an Enterprise Cert), which gives an additional layer of confidence for the average user.